panda_pal 5.16.5 → 5.16.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +17 -1
- data/config/initializers/apartment.rb +31 -1
- data/lib/panda_pal/version.rb +1 -1
- data/lib/panda_pal.rb +10 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2dc69090531d872e50b4bf8414fdca02abaeada29fb82a0da811f3c3cfce95dc
|
|
4
|
+
data.tar.gz: 86dda2b637be102247d9d400437e2c8a641287ef6003a47a72cfaac2ad3ee82e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 93dab2296f05be33a67c346b1fd61c7e62de04e714f9dfae1d88cb40b1123794453e3093e0c81fd147f5fb29c189d41b7e0454c76abbbf70dc1d845a1454e473
|
|
7
|
+
data.tar.gz: 8df5d04c2bbe0b62ff302dd1115b70650cd16bb940013b62cc404014aff0046fe0e9afc016d679d4cb63d852dc63169df1bacdaacde7d28adace939ad4028a13
|
data/README.md
CHANGED
|
@@ -38,10 +38,26 @@ LTI 1.3 has some additional configuration steps required to setup an LTI:
|
|
|
38
38
|
|
|
39
39
|
1. If you're running Canvas locally, make sure the `config/redis.yml` and `config/dynamic_settings.yml` files exist in Canvas.
|
|
40
40
|
2. Also make sure `config/security.yml` is present and set `development.lti_iss` to `'http://localhost:3000'` (where 3000 is the port you're running Canvas on).
|
|
41
|
-
3. In prod, you'll need to generate a RSA Private Key for the LTI to use. You
|
|
41
|
+
3. In prod, you'll need to generate a RSA Private Key for the LTI to use. You have several options:
|
|
42
|
+
- Set the `LTI_PRIVATE_KEY` environment variable with the PEM-encoded private key content
|
|
43
|
+
- Set the `LTI_PRIVATE_KEY_PATH` environment variable with the path to your private key file (relative to Rails.root or absolute path)
|
|
44
|
+
- For encrypted private keys, set the `LTI_PRIVATE_KEY_PASSWORD` environment variable with the decryption password
|
|
45
|
+
- Manually set `PandaPal.lti_private_key = OpenSSL::PKey::RSA.new(key)`
|
|
42
46
|
4. Make sure you have Redis installed and linked correctly
|
|
43
47
|
5. Your PandaPal::Organization's `key` should be `CLIENT_ID/DEPLOYMENT_ID` (which can be found in Canvas). If a Deployment ID is not given, the key should just be `CLIENT_ID`.
|
|
44
48
|
|
|
49
|
+
|
|
50
|
+
To generate an encrypted private key using OpenSSL:
|
|
51
|
+
```bash
|
|
52
|
+
# Generate new encrypted private key
|
|
53
|
+
openssl genrsa -aes256 -out encrypted_private_key.pem 2048
|
|
54
|
+
|
|
55
|
+
# Or encrypt existing private key
|
|
56
|
+
openssl rsa -aes256 -in existing_private_key.pem -out encrypted_private_key.pem
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
**Note**: The private key file path supports both relative paths (relative to Rails.root) and absolute paths.
|
|
60
|
+
|
|
45
61
|
### Launch URL property
|
|
46
62
|
LTI Spec: `The launch_url contains the URL to which the LTI Launch is to be sent. The secure_launch_url is the URL to use if secure http is required. One of either the launch_url or the secure_launch_url must be specified.`
|
|
47
63
|
|
|
@@ -259,6 +259,36 @@ ActiveSupport.on_load(:action_cable) do
|
|
|
259
259
|
def tenant
|
|
260
260
|
@tenant || 'public'
|
|
261
261
|
end
|
|
262
|
+
|
|
263
|
+
def panda_session
|
|
264
|
+
unless defined?(@panda_session)
|
|
265
|
+
@panda_session = PandaPal::Session.for_request(request, enforce_tenant: :switch)
|
|
266
|
+
@tenant ||= Apartment::Tenant.current
|
|
267
|
+
end
|
|
268
|
+
@panda_session
|
|
269
|
+
end
|
|
270
|
+
end
|
|
271
|
+
|
|
272
|
+
ActionCable::Channel::Base.module_eval do
|
|
273
|
+
delegate :panda_session, to: :connection
|
|
274
|
+
|
|
275
|
+
if defined?(CanCan)
|
|
276
|
+
set_callback(:subscribe, :around) do |_, blk|
|
|
277
|
+
blk.call
|
|
278
|
+
rescue CanCan::AccessDenied
|
|
279
|
+
reject
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
delegate :current_ability, to: :connection
|
|
283
|
+
|
|
284
|
+
def authorize!(*args, **kwargs)
|
|
285
|
+
current_ability.authorize!(*args, **kwargs)
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
def authorized?(*args, **kwargs)
|
|
289
|
+
current_ability.can?(*args, **kwargs)
|
|
290
|
+
end
|
|
291
|
+
end
|
|
262
292
|
end
|
|
263
293
|
|
|
264
294
|
# Include the Current Tenant in any broadcastings
|
|
@@ -281,7 +311,7 @@ ActiveSupport.on_load(:action_cable) do
|
|
|
281
311
|
end
|
|
282
312
|
|
|
283
313
|
# Lazily switch any worker threads to the correct tenant when they are working
|
|
284
|
-
# Actively calling `switch_tenant`
|
|
314
|
+
# Actively calling `switch_tenant` checks out a DB connection and calls `SET search_path`.
|
|
285
315
|
# The message processing may not interface with the DB, so this would be a huge waste.
|
|
286
316
|
# Instead, we ensure that the thread will trigger a :checkout if it needs a connection,
|
|
287
317
|
# at which time we hack-in the correct tenant/schema.
|
data/lib/panda_pal/version.rb
CHANGED
data/lib/panda_pal.rb
CHANGED
|
@@ -76,11 +76,19 @@ module PandaPal
|
|
|
76
76
|
def self.lti_private_key
|
|
77
77
|
key = @@lti_private_key.presence
|
|
78
78
|
key ||= ENV['LTI_PRIVATE_KEY'].presence
|
|
79
|
+
|
|
80
|
+
if key.blank? && ENV['LTI_PRIVATE_KEY_PATH'].present?
|
|
81
|
+
key_path = File.expand_path(ENV['LTI_PRIVATE_KEY_PATH'], Rails.root)
|
|
82
|
+
key = File.read(key_path) if File.exist?(key_path)
|
|
83
|
+
end
|
|
84
|
+
|
|
79
85
|
key ||= File.read(File.join( File.dirname(__FILE__), "../config/dev_lti_key.key")) if Rails.env.development?
|
|
80
86
|
return nil unless key.present?
|
|
81
87
|
|
|
82
|
-
|
|
83
|
-
|
|
88
|
+
return key unless key.is_a?(String)
|
|
89
|
+
|
|
90
|
+
password = ENV['LTI_PRIVATE_KEY_PASSWORD']
|
|
91
|
+
OpenSSL::PKey::RSA.new(key, password)
|
|
84
92
|
end
|
|
85
93
|
|
|
86
94
|
def self.lti_private_key=(v)
|